Security, Trust, & Privacy

Security

For any security-related questions, feel free to contact us at [email protected].

Infrastructure security

We depend on the following subprocessors, roughly organized from most critical to least. Note that code data is sent up to our servers to power all of Cursor’s AI features (see AI Requests section), and that code data for users on privacy mode (legacy) is never persisted (see Privacy Mode Guarantee section).

Explore how each mode affects how data is sent and stored.

  • AWS:

    Our infrastructure is primarily hosted on AWS, with servers located in the US, and backup servers distributed in Europe and Asia.

  • Google Cloud Platform (GCP):

    Some secondary infrastructure is hosted on Google Cloud Platform (GCP). All of our GCP servers are in the US.

  • MongoDB:

    We use MongoDB for some of our analytics data, for users who do not have privacy mode enabled.

  • Amplitude:

    We use Amplitude for some of our analytics data. No code data is stored with Amplitude; only event data such as "number of Antes creation attempts".

  • Slack:

    We use Slack as our internal communication tool. We may send snippets of prompts of non-privacy users in our internal chats for debugging.

  • Google Workspace:

    We use Google Workspace to collaborate. We may send snippets of prompts of non-privacy users in our internal emails for debugging.

  • Linear: We use Linear to track issues and collaborate.

Vulnerability disclosures

If you believe you have found a vulnerability in Ante, please submit the report to [email protected].

We commit to acknowledging vulnerability reports within 10 business days, and addressing them as soon as we are able to.

Trust Assumptions

Ante

Ante V1 is a software interface that enables onchain crypto inheritance and asset recovery without centralized custody. Ante never holds, stores, generates, or has access to a user’s private keys, key shares, or assets at any point. Ante does not have control over any user accounts (wallets or Safes) and has no ability to steal or recover funds from user wallets or Safes.

If the Ante app goes down, users can still access and withdraw funds from their vaults via 3rd-party interfaces. We recommend saving the Recovery Kit with instructions for doing so (access from your Vault Details page after creating a vault).

Privy

We use Privy to generate wallets for people using email or other authentication methods. Privy is an MPC (multi-party computation) wallet where private key material is split between the user’s device and Privy’s infrastructure.

  1. If you sign up via email and do not set up a backup, theoretically Privy could steal funds from your vault. This could be achieved by introducing malicious code into the Privy codebase.

    1. To avoid this, users should back up their account or set a passphrase, AND they should also export their embedded wallet and keep the private key (PK) safe.

Guardians & Recipients

  1. Guardians and the Recipient could collude to prevent the owner from checking in, in order to withdraw funds from a vault.

    1. Recommendation: don't tell your Guardians/Recipient who other Guardians/Recipient are.

  2. One or more malicious or inactive Guardians could delay asset handoff indefinitely by never approving the handoff after the Dead Man's Switch fails.

    1. Recommendation: Ask your Guardians to check in periodically so you know they are able to carry out the handoff, and rotate out Guardians if you don't trust them to approve handoff. Assign more than one Guardian so that a single inactive/malicious Guardian can't delay handoff indefinitely (e.g., 2 of 3 or 3 of 5).

  3. If a vault has multiple owners, each owner implicitly trusts all the other owners of the vault

    1. Recommendation: only co-own vaults with people you trust to have full control over the vault

  4. If you set the wrong address as a Recipient, you could end up handing off assets to the wrong person

    1. Recommendation: Verify with your chosen Recipient that they have control of the email or wallet you specify and update if necessary.

  5. If you don't set token allowances for the tokens you want to transfer to your Recipient, the tokens won't be handed off

    1. The Ante app will let you know if you have token allowances missing, but we recommend double-checking as well in the Recipient settings.

Others

  1. Email provider — accounts that use email login are only as safe as you keep your email account

    1. Recommendation: Set up two-factor authentication (2FA) on your email account, ideally using a hardware security key or authenticator app (avoid and disable SMS 2FA)

  2. External interfaces — e.g. if you use the Safe{Wallet} interface or Etherscan to interact with Ante V1 vaults, you trust the source of the interface being loaded

    1. Recommendation coming soon.

Privacy

Analytics

We use Segment Analytics for tracking app activity.

We explicitly track app interactions such as button clicks and successfully submitted transactions, attaching only the following fields:

  • version of the app

  • URL on which the user executed the action

  • the name of the action

  • the vault address & chain ID - when applicable

  • the Privy unique user ID

Segment appends other common fields when the request reaches their servers. A list of what they are tracking can be found here: https://segment.com/docs/connections/spec/common/

Email privacy

We use Privy as our authentication layer, meaning that linking an email address to your account discloses the association between your wallet address and your email address to both Ante and Privy.

Our API ensures that:

  • For EOA users, if they have a linked email address, it is never displayed in the app and that address is used only for sending notifications.

  • For email users, their email address is disclosed only to participants of the same vault according to the following permissions. The following examples assume all participants are email users.

    • Vault Owner can view email addresses of Guardians and Recipient

    • Guardians can view only the email address of Vault Owner

    • Recipient can view only the email address of Vault Owner

    • Anonymous user cannot view any email address
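The permission list above, written as a deny-by-default filter over constructed data. This is an added illustration, not Ante's code: the `Participant` record, the `VISIBLE_TO` table and the `visible_emails` function are hypothetical names, and the sample vault is made up.

```python
from dataclasses import dataclass
from typing import Optional

# Viewer role -> participant roles whose email that viewer may see,
# taken from the permission list above. Anything not listed is denied.
VISIBLE_TO = {
    "owner": {"guardian", "recipient"},
    "guardian": {"owner"},
    "recipient": {"owner"},
}

@dataclass(frozen=True)
class Participant:          # hypothetical record shape
    role: str               # "owner", "guardian" or "recipient"
    address: str            # wallet address
    login: str              # "email" or "eoa"
    email: Optional[str]    # linked email address, if any

def visible_emails(vault, viewer_address):
    """Map each participant address to the email this viewer may see, or None."""
    # Hex addresses differ only by checksum casing, so compare case-insensitively.
    viewer = (viewer_address or "").lower()
    # A viewer may hold several roles; an anonymous or unknown viewer holds none.
    roles = {p.role for p in vault if viewer and p.address.lower() == viewer}
    allowed = set()
    for role in roles:
        allowed |= VISIBLE_TO.get(role, set())
    view = {}
    for p in vault:
        # An EOA user's linked email is for notifications only, never displayed.
        shown = p.login == "email" and p.role in allowed
        view[p.address] = p.email if shown else None
    return view

# Constructed sample vault (addresses and emails are made up).
VAULT = [
    Participant("owner", "0xA1", "email", "owner@example.com"),
    Participant("guardian", "0xB2", "email", "g1@example.com"),
    Participant("guardian", "0xC3", "eoa", "g2@example.com"),
    Participant("recipient", "0xD4", "email", "heir@example.com"),
]
```

Because the table is an allow-list, a Guardian never learns another Guardian's or the Recipient's email address, which matches the recommendation not to tell participants who the others are.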

Coming soon: you can opt to store user-encrypted data on Ante so that even a malicious Ante employee cannot find out the email address associated with a particular wallet.
